Posted by timothy on Monday October 08, 2012 @06:06AM
from the q-in-tel-is-totally-a-different-story dept.

dgharmon writes with the lead from a story in the Brisbane Times: "Chinese telecom company Huawei poses a security threat to the United States and should be barred from US contracts and acquisitions, a yearlong congressional investigation has concluded. A draft of a report by the House Intelligence Committee said Huawei and another Chinese telecom, ZTE, 'cannot be trusted' to be free of influence from Beijing and could be used to undermine U.S. security."

Don't panic. If you have a Huawei phone just fill a bucket with water and drop the phone in. After 12 hours you can safely dispose of it in the bin. Then go and buy a phone made in the West like the....uhm..... well... do without a phone.

If past actions are anything to go by this stance actually says "We know that our electronics cannot be trusted to be free from US influence and therefore we cannot assume that a foreign nation's electronics will be."

Obviously, the US has been doing exactly that. There are documented cases of back doors introduced into US software and hardware. It could bite them back with other countries using exactly the same argument against them.

I do not fault the US for defending their interests. It is clear that China will use all opportunities available to them, exactly as the US did. But they are going to face the same issues that countries like Iran face now. They can use foreign technology that is better than domestic products, or they can try to stop it from entering the country. The fact is that the US is quickly becoming irrelevant in hardware manufacturing, so it is a difficult call.

What seems clear is that this won't be good for the economy since it will be interpreted as tariffs by the other side.

Sovereign nations are almost...human in their actions. The paranoid planning, pre-emptive strikes on the basis of fear alone, and seeing corruption the same way some of the founders of old saw debt (always need to maintain a minimal amount of it, for "reasons") is strangely familiar.

It's almost like, having banded together as a giant group, the best and the worst of humanity has suddenly been increased a thousand fold.

My point was that a group of sovereign nations acts at an international level very much how an anarchy of playground kids act individually.

Nations scratch and stab each other's backs, make threats of war, duke out, spy, and all that just like people do on an individual basis if nobody is watching them.

Nations act just like people do, and unlike society, nations do not have anyone babysitting them to make them behave themselves. It is survival of the fittest where being nasty and getting away with it is a g

The fact is that the US is quickly becoming irrelevant in hardware manufacturing, so it is a difficult call.

It's an easy call and should have been made years ago. You don't let other countries build your infrastructure be it telecoms, military, energy, etc...
And yes, it can be tough to bring the jobs back. But that's the battle you have after outsourcing everything including your own prosperity.

The US will still have "other countries" building its infrastructure... It'll just be companies in European countries (Alcatel, Siemens, Ericsson), rather than Chinese ones (Huawei, LTE). The US has no telecom companies building most of this stuff, anymore.

I guess the same applies to companies like IBM, AT&T and Microsoft in the European Union, companies which undermine our domestic security (see the IBM Lotus Notes backdoor scandal in Sweden [heise.de]) and seek to influence our law makers. In particular AT&T with their lobbying for censorship rules and Microsoft which does not disclose the source code of its applications to the IT security agencies and undermines open source and open standards policies --- as if they were part of the European constituency. Oh, and don't mention the OOXML case.

Now all the other governments of the world should ban Microsoft for being a security threat and things could become far better for most of the people. Even could be considered "a national security threat", played a major role in Stuxnet/Flame/etc targeted attacks, where US agencies could have been involved.

In fact, with that argument most US based software companies could be banned outside, unless by licence (i.e. open source ones) you can get all the source, recompile and deploy it yourself. And that includes embedded software devices

If the Chinese government is using Windows for their government computers, they're fucking insane. In fact, we're insane for using it. Closed source is not secure. Period. Closed source and compiled in a foreign country? Absolutely bat shit crazy.

If the Chinese government is using Windows for their government computers, they're fucking insane. In fact, we're insane for using it. Closed source is not secure. Period. Closed source and compiled in a foreign country? Absolutely bat shit crazy.

For what we know, Microsoft practically hands the kernel source code to the Chinese government for their business. There's no telling they re-engineer the whole thing and use it internally. The best you can say about it is the lack of security but I'd say there is very little chance to have an intentional bug left in the source code for the purpose of spying.

Plus, why would Microsoft do that anyway? It doesn't help them in any way, shape, form. You know the government is going to bust their tail any

And pray tell what SW would all the countries use to run their businesses. Evidently you have not seen the chaos caused by companies trying to migrate just one application from a MS platform to another. There are millions of custom Windows business applications that would need to be re-engineered and the expense would be prohibitive to say the least. And No, running apps under Wine or any other virtual environment is not an acceptable solution because all it does is add another layer of code between the app

And pray tell what SW would all the countries use to run their businesses. Evidently you have not seen the chaos caused by companies trying to migrate just one application from a MS platform to another

All I hear you saying is that we should impede progress and let criminals get away with crime because some people are too stupid to choose Open standards that will permit a migration to another platform, later. Fuck them. They didn't do their homework, and they chose Microsoft, and that's how we got here to begin with. Why should the rest of us continue to pay for their bad decisions? We don't keep automakers going just because people won't be able to buy spares.

No I am just living in the real world where people such as yourself do not have a clue about the massive amount of work it takes to move applications to entirely different platforms. And exactly who are you paying for other people's bad decisions? All the major software companies use different approaches to get their applications into the market place. Apple locks down their entire ecosystem. MS built their user base because they catered to the developers who create applications. The more people developing

This has been present since forever, so if that measure is taken now in particular hopefully was for the current cyberwar climate (and not, i.e. because lobbyist complained about unfair price competition). And admitting that something could be a weapon means that it could be used by you too, so even if Huawei wasn't putting any backdoor in their products, future (or present) US products could have now, specifically to be used as weapons, control, information gathering, etc. And that has implications for US u

First off I have a very hard time believing backdoors are built in the large networks they sell. In complex systems like that it's next to impossible to hide things in the long run. Anything suspicious would have been found in the audits.

This looks like a try at restricting import with arbitrary reasons without any substance behind them. I am sure many countries smile at this as they get to block American goods like GM corn etc citing safety reasons, and now they can use the US's own rhetoric.

Free trade? It's a slogan not a reality. Governments the world over subsidize their industries. If you think backdoors don't exist in systems like this you're very naive. If I had anything I was worried about keeping secret I'd never use anything I didn't compile in-house after a long, serious search of the source.

Right, the real influence is from Social Conservatives who merely hide behind Libertarian slogans. However the only reason Social Conservatives aren't all hanging from the lightpoles is that they spout Libertarian slogans.

You could introduce a "bug" into a processor that given a specific input (e.g. some GUID) will jump to a memory location and execute it. I guess that would be pretty difficult to find unless it is actually exploited.

First off I have a very hard time believing backdoors are built in the large networks they sell

Really? After stuxnet, flame, you think that?

Fact is most of that network hardware gets a great deal less scrutiny than desktop software gets. A much smaller number of people use it directly, far fewer security folks get access to it.

Even if backdoors are not deliberately inserted it's beyond reason to think exploits don't exist somewhere. Now what would the Chinese government's security arm do if they discovered a useful reliable exploit? Probably exactly what our own did/does and create things like stuxnet. Oh and if you could work something like that into the network layer it would be way way harder to spot than at the application layer.

That commenter you are responding to, DarkOx, must either be blind, just arrived on the planet Earth, or a complete and totally illiterate moron --- who could possibly avoid reading about ALL the incessant backdoors in Microsoft, IBM, Cisco, Apple, hardware, etc., especially with that latest:

First off I have a very hard time believing backdoors are built in the large networks they sell. In complex systems like that it's next to impossible to hide things in the long run. Anything suspicious would have been found in the audits.

I think you underestimate the creativity of the people who make networking gear.

This looks like a try at restricting import with arbitrary reasons without any substance behind them. I am sure many countries smile at this as they get to block American goods like GM corn etc citing safety reasons, and now they can use the US's own rhetoric.

That's fine. The US House Committee is claiming that Huawei and ZTE receive billions from the Chinese government and are able to subsidize their products with that money so that they can be the lowest bidder to foreign countries. That's not entirely arbitrary as they're not claiming the same thing against Foxconn or Asus. If you want to say Monsanto receives government subsidiaries as tax credits or whatever, you're probably right but so does almost every other international company headquartered out of the United States. Want to place an embargo on the United States? Go right ahead, Iran and Cuba seem to be doing okay. Personally, I think the safety concerns against GM corn are enough to block it and I think they should continue along that line of reasoning -- what economic conspiracy do you have for keeping GM corn out?

This hearing was open [house.gov] and is completely available on YouTube if you want to rebut more specific claims by the committee. I like listening to the Huawei guy, he's pretty humorous, he says that they will not under any conditions jeopardize the integrity of their networks for any third party or government... yeah, like you sell networking gear in China and you can say that? Please.

Is the free trade not so fun anymore?

Oh, give me a break. Free trade? Are you serious? It's not fun when the most populous country in the world is artificially manipulating its markets, controlling what its currency trades at internally and creating its own companies that are traipsing around claiming to be private companies... christ, the tariffs and tax laws surrounding international business are so complicated, there's no point in calling any of this "free trade" in any sense of the words.

That's fine. The US House Committee is claiming that Huawei and ZTE receive billions from the Chinese government and are able to subsidize their products with that money so that they can be the lowest bidder to foreign countries. That's not entirely arbitrary as they're not claiming the same thing against Foxconn or Asus. If you want to say Monsanto receives government subsidiaries as tax credits or whatever, you're probably right but so does almost every other international company headquartered out of the United States. Want to place an embargo on the United States? Go right ahead, Iran and Cuba seem to be doing okay. Personally, I think the safety concerns against GM corn are enough to block it and I think they should continue along that line of reasoning -- what economic conspiracy do you have for keeping GM corn out?

Would it bother you too much if I pointed out that Foxconn (Hon Hai Precision Industry Co., Ltd., actually, Foxconn is the trade name) and Asus are both Taiwanese companies, and the USA generally considers Taiwan to not be a part of China (at least for purposes of defense and business). Perhaps you meant Lenovo and... never mind, China doesn't have an ODM anywhere close to Foxconn.

If this isn't just political b.s. then the only way to address it would be to share the source and toolchain, so that the client can build and sign their own firmware... support then becomes interesting... Care to cite any published reports auditing networking gear? Router code is typically closed source firmware, every model being different, and with a new revision coming out every few months. Knock-knock protocols, where you send a message to one port, then to another port, etc... as a combination to op

First off I have a very hard time believing backdoors are built in the large networks they sell. In complex systems like that it's next to impossible to hide things in the long run. Anything suspicious would have been found in the audits.

Dormant backdoors are very hard to find, hit the firewall with a secret knock (timing/ports/payload) and it'll magically slip through or start relaying information or run a MITM attack or shut down or start a denial of service attack at a critical moment. You don't have to be so obvious as to send regular bits and bytes, you can use timing information, create intentional bit errors in the error correction or boost/lower the signal strength a fraction to create a covert subchannel, almost everything is possi

This looks like a try at restricting import with arbitrary reasons without any substance behind them. I am sure many countries smile at this as they get to block American goods like GM corn etc citing safety reasons, and now they can use the US's own rhetoric.

Care to explain why the Communist party of China has offices inside of Huawei's headquarters?

"Care to explain why the Communist party of China has offices inside of Huawei's headquarters?"

Sure. They do that with most large institutions from what I've seen when in China. There's a Party office in all of the universities, too. It allows the Party to keep an eye on things as well as serve as a liaison between the institution and the government when needed. Also, since companies are responsible for handling certain things for their employees that we would not necessarily consider companies doing here

First off I have a very hard time believing backdoors are built in the large networks they sell. In complex systems like that it's next to impossible to hide things in the long run. Anything suspicious would have been found in the audits.

Umm, they WERE FOUND. The report mentions sending "beacons", "relaying data", and other "anomalies".

Huawei's only contention is that they're merely INCOMPETENT, and their firmware just has tons of bugs, and none of them are (intentional) backdoors.

I'm told this is ironic because the reason that Huawei got started was because the Chinese did all sorts of experiments with Cisco gear and determined that they couldn't trust them because of all the backdoors they had to accommodate US agencies.

The Chinese needed network gear they could trust, they'd been tearing the Cisco gear down for a while to check them for back doors, so they just went the whole hog and started their own router company.

The main reason that the US *know* that the Huawei gear has back doors in it is probably because they are the same back doors cloned from the Cisco gear, but with different encryption keys.

I'm told Huawei [wikipedia.org] started off selling phone switches, while Cisco [wikipedia.org] was working on computer networks from the start. They weren't really competitors until around 2000, as Huawei expanded into computer networks to accommodate the gradual merging of phone and computer networks.

I was teaching Huawei how to design in the PowerPC CPUs for their first switch designs in 1998, so your timing is about right. I was doing the same for Cisco starting around mid-1994. Their ice cream ping parties were great.

the reason that Huawei got started was because the Chinese did all sorts of experiments with Cisco gear and determined that they couldn't trust them because of all the backdoors they had to accommodate US agencies.

The Chinese needed network gear they could trust

If that was the motivation, it turned out to be one of the biggest failed experiments in history. Huawei's code is riddled with exploitable holes, in large part due to software development bad practices.

Huawei should have started lobbying harder sooner. They spent over 800 million this year but only 200 million last year. Well, if they keep it up things will turn around. Gotta grease those palms in DC to get what you want.

The info is freely available to the public. They're just too busy watching "Desperate Cunts of some city or other" or "Dancing with the washed up has-beens" to worry about something as unimportant as who's buying up Congress.

All paranoid xenophobic US attitudes taken in context, this is one that makes some sense. I just wish all other countries in the World would do the same thing towards US government hooked-up and not-trustable Microsoft.

So we'll get our new 4G LTE system where? Per the 60 Minutes segment that aired last night, there is no U.S. company capable of providing the infrastructure. They named a French, Chinese and perhaps a Swedish company as the only options.

Currently it is being bought from Sweden and France. Ericsson and Alcatel-Lucent are building the 4g networks. But with the high costs of rolling out a new LTE network, Huawei could easily get in the market with vendor financing. One carrier specifically, Clearwire, since they need funding and are targeting TDD-LTE, would be a prime candidate for Huawei to get their foot in the door.

That the US Government officially took notice of Chinese efforts to spy on and undermine the US; wasn't all that fake Cisco equipment that ended up in the department of defense enough of a wake up call?

Anybody here evaluated Huawei equipment, or otherwise know more details about the reported issues of it sending "beacons" or "relaying data" back home, or the "anomalies" that appear to be backdoors? The real good stuff seems to be locked-up in that "classified" section we don't get to see...

Immediately after the Symantec/Huawei joint venture in 2007, backdoors and trojans began to appear that targeted Symantec products. Symantec products have been a staple of DoD environments for a number of years (http://www.symantec.com/press/2003/n030527a.html), so something like this likely raised more than a few eyebrows. I'm honestly surprised that it took this long considering how much trust we have in the Chinese (extremely little) and the fact that Huawei products had already been blacklisted by the D

Yeah, but don't those chipsets from Cisco and Juniper, also made in China, already have the same hardwired backdoors??

Offshore the jobs, technology and investments (along with sensitive defense industry tech) to China, and NOW they claim they're a security threat????? Obviously, Korporate AmeriKa and our criminal congress are the security threats.

How is our market closed down? We still buy billions of dollars worth of cheap, useless shit every year.

That's a silly comment considering the trade deficit with China.

As for trust, why would anyone in the business world trust China? They openly steal any intellectual property they can get their hands on. I'm in the auto industry, we learned long ago not to allow any assembled components be produced in China. They can make our brackets and bolts and seals but if we let them do final assembly we'l